Initial implementation of the gocrypt plugin

This commit is contained in:
Peter Cai 2022-10-10 11:05:41 -04:00
commit 188f523148
3 changed files with 111 additions and 0 deletions

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
pass

107
gocrypt.bash Executable file
View file

@ -0,0 +1,107 @@
#!/usr/bin/env bash
# SPDX-License-Identifier: GPL-3.0-only
# Copyright (C) 2022 Peter Cai <peter at typeblog dot net>
readonly gocrypt_dir=".gocrypt"
readonly gocrypt_dec_dir="gocrypt"
readonly gocrypt_passwd_file="gocrypt-passwd"
gocrypt_sys_check() {
which gocryptfs > /dev/null || gocrypt_die "gocryptfs not found in PATH"
}
gocrypt_env_check() {
gocrypt_sys_check
[ ! -d "$gocrypt_dir" ] && gocrypt_die "gocrypt plugin not initialized"
}
gocrypt_open_check() {
gocrypt_env_check
[ ! -f "$gocrypt_dec_dir"/.pass-gocrypt ] && gocrypt_die "gocrypt not opened"
}
gocrypt_die() {
printf "Error: %s\n" "$1" >&2
exit 1
}
gocrypt_init() {
gocrypt_sys_check
if [ -d "$gocrypt_dir" ] || [ -f "$gocrypt_dir" ]; then
gocrypt_die "gocrypt plugin already initialized for your password store"
fi
pass generate "$gocrypt_passwd_file" 32
# Initialize gocryptfs
mkdir "$gocrypt_dir"
gocryptfs -passfile /dev/stdin -init "$gocrypt_dir" <<< "$(pass show "$gocrypt_passwd_file")"
# Mount the gocryptfs subdirectory and initialze what is inside of it
gocrypt_open
touch "$gocrypt_dec_dir"/.pass-gocrypt
# By default, we use the same gpg-id inside, but the user can decide to use a different one later by doing it manually
ln -s ../.gpg-id "$gocrypt_dec_dir"/.gpg-id
# Add the decrypted path to gitignore
echo >> .gitignore
echo "# Gocrypt" >> .gitignore
echo "gocrypt" >> .gitignore
pass git add .gitignore
pass git add "$gocrypt_dir"
pass git commit -m "Initialized encrypted storage for gocrypt plugin"
}
gocrypt_open() {
gocrypt_env_check
mkdir -p "$gocrypt_dec_dir"
gocryptfs -passfile /dev/stdin "$gocrypt_dir" "$gocrypt_dec_dir" <<< "$(pass show "$gocrypt_passwd_file")"
}
gocrypt_close() {
gocrypt_open_check
fusermount -u "$gocrypt_dec_dir"
}
gocrypt_delegate() {
gocrypt_open_check
# Delegate command to another `pass` instance that manages what is inside of the mountpoint
PASSWORD_STORE_DIR="$PWD/$gocrypt_dec_dir" pass $@
# Commit if there has been changes due to this operation
pass git add "$gocrypt_dir"
pass git commit -m "Encrypted pass operation inside gocrypt" "$gocrypt_dir" || echo "No git commit created"
}
if [ $# -eq 0 ]; then
gocrypt_die "Unknown command for gocrypt"
fi
if [ ! -d "$PREFIX" ]; then
gocrypt_die "Cannot open password store"
fi
# cd into the password store prefix
cd "$PREFIX"
case "$1" in
init)
shift
gocrypt_init $@
;;
open)
shift
gocrypt_open $@
;;
close)
shift
gocrypt_close $@
;;
ls|list|grep|find|search|show|insert|add|edit|generate|rm|remove|delete|mv|rename|cp|copy|git)
# No shift here since we need to delegate these commands to another pass instance
gocrypt_delegate $@
;;
*)
gocrypt_die "Unknown command $1 for gocrypt"
esac

3
pass-test Executable file
View file

@ -0,0 +1,3 @@
#!/usr/bin/env sh
PASSWORD_STORE_DIR=$PWD/pass PASSWORD_STORE_EXTENSIONS_DIR=$PWD PASSWORD_STORE_ENABLE_EXTENSIONS=true pass $@